Hi, Is anyone running ATS in a FIPS* (Federal Information Processing Standard) compliant setup?
I was looking into this and ATS has some code that seems to allow it to call the fips enable function from openssl but it doesn't work quite right it seems. I've patched ATS to force FIPS mode on but ATS fails to start due to MD5 hash functions no longer being available, and ATS seems to heavily use MD5 internally. As a crazy idea just to see what would happen I basically did s/md5/sha256 in the code base and was able to make ATS compile and run but it never logged the 'fips enabled' bits, but it didn't complain about MD5 either. I'm wondering if there was some initial effort for FIPS support that was abandoned, and what I see in the code now is that remnants. Thanks for any comments, Phillip Moore * https://www.openssl.org/docs/fipsnotes.html
